Hey guys, sorry to bother you but i, like so many others, have been infected with this crap that won't go away. I have the about:blank Coolwebsearch malware, as well as the Win32 trojan. I ran ad-aware and thats what it told me anyway...a lot of CWS and Win32. I've tried figuring this out for myself by getting into the registry after reading what was said ot others with similar problems, but it doesn't work. Any help would be greatly appreciated. Here's my HJT log. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 9:53:37 AM, on 07/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Download Ewido Security Suite -- http://fileforum.betanews.com/detail...e/1098736486/1
Install it, and while installing, under Additional Options, uncheckInstall background guard and Install scan via context menu.
From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here: http://www.ewido.net/en/download/updates/
Note -- When you run Ewido for the first time, you will get the warning Database could not be found!, click OK when you do.
Reboot into Safe Mode (reboot your computer and tap the F8 key while it's starting back up).
Run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).
Empty your Recycle Bin and reboot normally.
Close any open browser windows, scan with hijackthis, and post a new log along with the Ewido log.
RaineX
Jun 7th, 2005 1:54 pm
Re: Win32.trojan.agent.bi and Coolwebsearch :(
Alright, i did all of this, except i coudln't get the on-line virus scans to work properly, i'm currently using Mozilla while IE is down, so i kept getting errors whenever i tried to scan. I completed the rest however.
Here is my Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:47:59 PM, 07/06/2005
+ Report-Checksum: 85119A7B
Logfile of HijackThis v1.99.1
Scan saved at 12:50:38 PM, on 07/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
You should clean up your browser by clicking on Tools, and then select Options.
Click the Privacy icon on the Option menu bar to open the Privacy Properties.
Click the Clear All button at the bottom of the window.
Click OK to return to the browser main page.
Exit the browser.
Scan with hijackthis and have it fix the following entries:
Go to C:\WINDOWS\cryp32.exe, right-click on cryp32.exe, go to Properties, and give us whatever info you can on it (Company, version, etc.).
Empty your Recycle Bin and reboot.
Close any open browser windows, scan with hijackthis, and post a new log please.
RaineX
Jun 10th, 2005 9:05 pm
Re: Win32.trojan.agent.bi and Coolwebsearch :(
Hi! I performed those steps, however i could not find the file cryp32.exe...i used HJT before i looked for it so i may have deleted it instead, sorry about that. Also, i had to go into safe mode in order to delete systn32.dll and winln.exe, but i got them. Here is my latest HJT log. Thanks again for your help in this!
Logfile of HijackThis v1.99.1
Scan saved at 8:01:27 PM, on 10/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Its been a couple days since my last HJT log, so i thought i'd update to make sure nothings changed. I still have the Coolwebsearch problem :( There are days when i hate computers, lol.
Logfile of HijackThis v1.99.1
Scan saved at 10:34:58 PM, on 12/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Be sure your system is set to Show hidden files and folders.
Go to the following locations and delete the highlighted files (if the filenames have changed, delete whatever filename(s) now appear in the R1 & R0 entries of your log):
C:\WINDOWS\system32\bdulc.dll
Go to each of these files, right-click, go to Properties, and give us whatever info you can:
For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):
Cookies
Local Settings\Temp
Local Settings\History
Local Settings\Temporary Internet Files
C:\Windows\Temp
C:\Temp (if you have one)
C:\Windows\Prefetch
Do a search for *.tmp and delete all entries found
Empty your Recycle Bin and reboot normally.
Close any open browser windows, scan with HijackThis, and post a new log please.
RaineX
Jun 15th, 2005 12:53 am
Re: Win32.trojan.agent.bi and Coolwebsearch :(
Alright, i performed all of these steps. When i went to fix the listed items in my HJT log after booting up in safe mode, none of the files under R1 and R0 were listed, the only file that i could fix was R3: URL SearchHook Missing. I could not find the bdulc.dll to delete, nor was Cryp32 present. I did manage to get a bit of info on the following:
d3dh.exe
size: 66.0kb
Size on Disk: 68.0kb
Created May 22, 2005
syscn.exe
size: 16.0kb
Size on Disk: 16.0kb
Created may 20, 2005
Its not a lot, but it was all that i saw worth noting in the properties menu. When i reran HJT after rebooting, it looks like everything is still there. I don't know why in the hell this is being so difficult. Thanks for your ongoing support in this, there is no way i could do this on my own :)
Logfile of HijackThis v1.99.1
Scan saved at 11:47:16 PM, on 14/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
